ACK: [PATCH 1/1][B] UBUNTU: SAUCE: overlayfs: ensure mounter privileges when reading directories

Seth Forshee seth.forshee at
Wed Oct 24 15:43:21 UTC 2018

On Fri, Oct 19, 2018 at 04:45:39PM +0000, Tyler Hicks wrote:
> From: Andy Whitcroft <apw at>
> BugLink:
> When reading directory contents ensure the mounter has permissions for
> the operation over the constituent parts (lower and upper). Where we are
> in a namespace this ensures that the mounter (root in that namespace)
> has permissions over the files and directories, preventing exposure of
> protected files and directory contents.
> CVE-2018-6559
> Signed-off-by: Andy Whitcroft <apw at>
> [tyhicks: make use of new upstream check in ovl_permission() for copy-ups]
> [tyhicks: make use of creator (mounter) creds hanging off the super block]
> Signed-off-by: Tyler Hicks <tyhicks at>

Acked-by: Seth Forshee <seth.forshee at>

More information about the kernel-team mailing list